cvelistv5 - cve-2010-3599

CVE-2010-3599 (GCVE-0-2010-3599)

Vulnerability from cvelistv5 – Published: 2011-01-19 15:00 – Updated: 2024-08-07 03:18

Summary

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	http://www.vupen.com/english/advisories/2011/0143	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/515956/100…	mailing-listx_refsource_BUGTRAQ
	http://dsecrg.com/pages/vul/show.php?id=306	x_refsource_MISC
	http://www.securitytracker.com/id?1024981	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/45856	vdb-entryx_refsource_BID
	http://secunia.com/advisories/42976	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0143"
          },
          {
            "name": "oracle-document-importserver-unauth-access(64767)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
          },
          {
            "name": "20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dsecrg.com/pages/vul/show.php?id=306"
          },
          {
            "name": "1024981",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024981"
          },
          {
            "name": "45856",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45856"
          },
          {
            "name": "42976",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42976"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "ADV-2011-0143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0143"
        },
        {
          "name": "oracle-document-importserver-unauth-access(64767)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
        },
        {
          "name": "20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dsecrg.com/pages/vul/show.php?id=306"
        },
        {
          "name": "1024981",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024981"
        },
        {
          "name": "45856",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45856"
        },
        {
          "name": "42976",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42976"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0143"
            },
            {
              "name": "oracle-document-importserver-unauth-access(64767)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
            },
            {
              "name": "20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
            },
            {
              "name": "http://dsecrg.com/pages/vul/show.php?id=306",
              "refsource": "MISC",
              "url": "http://dsecrg.com/pages/vul/show.php?id=306"
            },
            {
              "name": "1024981",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024981"
            },
            {
              "name": "45856",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45856"
            },
            {
              "name": "42976",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42976"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2010-3599",
    "datePublished": "2011-01-19T15:00:00",
    "dateReserved": "2010-09-20T00:00:00",
    "dateUpdated": "2024-08-07T03:18:52.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62C295FB-3AFC-4051-AA7F-9BC8B56B4501\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17FCAA6C-F1A6-469D-9449-9A99D3E70A70\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el componente de Captura de Documentos de Oracle Fusion Middleware v10.1.3.4 y v10.1.3.5 permite a atacantes remotos afectar a la integridad y la disponibilidad a trav\\u00e9s de vectores desconocidos relacionados con el servidor de importaci\\u00f3n.\"}]",
      "id": "CVE-2010-3599",
      "lastModified": "2024-11-21T01:19:12.290",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:C/A:C\", \"baseScore\": 9.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-01-19T16:00:02.967",
      "references": "[{\"url\": \"http://dsecrg.com/pages/vul/show.php?id=306\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://secunia.com/advisories/42976\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515956/100/0/threaded\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securityfocus.com/bid/45856\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id?1024981\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0143\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64767\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://dsecrg.com/pages/vul/show.php?id=306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/515956/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64767\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3599\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2011-01-19T16:00:02.967\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente de Captura de Documentos de Oracle Fusion Middleware v10.1.3.4 y v10.1.3.5 permite a atacantes remotos afectar a la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con el servidor de importaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:C/A:C\",\"baseScore\":9.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C295FB-3AFC-4051-AA7F-9BC8B56B4501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17FCAA6C-F1A6-469D-9449-9A99D3E70A70\"}]}]}],\"references\":[{\"url\":\"http://dsecrg.com/pages/vul/show.php?id=306\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/42976\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515956/100/0/threaded\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/bid/45856\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id?1024981\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0143\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64767\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://dsecrg.com/pages/vul/show.php?id=306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515956/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-3599

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3599

Aliases

CVE-2010-3599

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3599",
    "description": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.",
    "id": "GSD-2010-3599",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-3599"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3599"
      ],
      "details": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.",
      "id": "GSD-2010-3599",
      "modified": "2023-12-13T01:21:34.587064Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2010-3599",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0143",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0143"
          },
          {
            "name": "oracle-document-importserver-unauth-access(64767)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
          },
          {
            "name": "20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
          },
          {
            "name": "http://dsecrg.com/pages/vul/show.php?id=306",
            "refsource": "MISC",
            "url": "http://dsecrg.com/pages/vul/show.php?id=306"
          },
          {
            "name": "1024981",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024981"
          },
          {
            "name": "45856",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45856"
          },
          {
            "name": "42976",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42976"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2010-3599"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "45856",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45856"
            },
            {
              "name": "1024981",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024981"
            },
            {
              "name": "ADV-2011-0143",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0143"
            },
            {
              "name": "42976",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42976"
            },
            {
              "name": "http://dsecrg.com/pages/vul/show.php?id=306",
              "refsource": "MISC",
              "tags": [],
              "url": "http://dsecrg.com/pages/vul/show.php?id=306"
            },
            {
              "name": "oracle-document-importserver-unauth-access(64767)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
            },
            {
              "name": "20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:04Z",
      "publishedDate": "2011-01-19T16:00Z"
    }
  }
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été corrigées dans les produits Oracle tels que Oracle Database, Oracle Application Server ou Oracle Open Office. Certaines de ces vulnérabilités peuvent être exploitées par un utilisateur malveillant distant pour contourner la politique de sécurité ou encore porter atteinte à l'intégrité et/ou la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

CERTA-2011-AVI-022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle permettent à un utilisateur malveillant de contourner la politique de sécurité.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;
Oracle	N/A	Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;
Oracle	N/A	Oracle Sun Product Suite ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	N/A	Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	N/A	Oracle JRockit versions, R27.6.7 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	N/A	Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;
Oracle	N/A	Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.1 ;
Oracle	N/A	Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;
Oracle	N/A	Oracle GoldenGate Veridata, version 3.0.0.4 ;
Oracle	N/A	Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle de janvier 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Sun Product Suite ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
    },
    {
      "name": "CVE-2010-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
    },
    {
      "name": "CVE-2010-4438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
    },
    {
      "name": "CVE-2010-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
    },
    {
      "name": "CVE-2010-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
    },
    {
      "name": "CVE-2010-4439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
    },
    {
      "name": "CVE-2010-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
    },
    {
      "name": "CVE-2010-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
    },
    {
      "name": "CVE-2010-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
    },
    {
      "name": "CVE-2010-4419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
    },
    {
      "name": "CVE-2010-4464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
    },
    {
      "name": "CVE-2010-4457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
    },
    {
      "name": "CVE-2010-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
    },
    {
      "name": "CVE-2010-4460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
    },
    {
      "name": "CVE-2010-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
    },
    {
      "name": "CVE-2010-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
    },
    {
      "name": "CVE-2010-4414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
    },
    {
      "name": "CVE-2010-4420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
    },
    {
      "name": "CVE-2010-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
    },
    {
      "name": "CVE-2010-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
    },
    {
      "name": "CVE-2010-4418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
    },
    {
      "name": "CVE-2010-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
    },
    {
      "name": "CVE-2010-4441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
    },
    {
      "name": "CVE-2010-4440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
    },
    {
      "name": "CVE-2010-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
    },
    {
      "name": "CVE-2010-4443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
    },
    {
      "name": "CVE-2010-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
    },
    {
      "name": "CVE-2010-4437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
    },
    {
      "name": "CVE-2009-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
    },
    {
      "name": "CVE-2010-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
    },
    {
      "name": "CVE-2010-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
    },
    {
      "name": "CVE-2010-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
    },
    {
      "name": "CVE-2010-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
    },
    {
      "name": "CVE-2010-4446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
    },
    {
      "name": "CVE-2010-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
    },
    {
      "name": "CVE-2010-4426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2010-4461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
    },
    {
      "name": "CVE-2010-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
    },
    {
      "name": "CVE-2010-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
    },
    {
      "name": "CVE-2010-4442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
    },
    {
      "name": "CVE-2010-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
    },
    {
      "name": "CVE-2010-4413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
    },
    {
      "name": "CVE-2010-3505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
    },
    {
      "name": "CVE-2010-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
    },
    {
      "name": "CVE-2010-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
    },
    {
      "name": "CVE-2010-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
    },
    {
      "name": "CVE-2010-4445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
    },
    {
      "name": "CVE-2010-4458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
    },
    {
      "name": "CVE-2010-4417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
    },
    {
      "name": "CVE-2010-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
    },
    {
      "name": "CVE-2010-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
    },
    {
      "name": "CVE-2010-4425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
    },
    {
      "name": "CVE-2010-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
    },
    {
      "name": "CVE-2010-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
    },
    {
      "name": "CVE-2010-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
    },
    {
      "name": "CVE-2010-4427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
    },
    {
      "name": "CVE-2010-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
    },
    {
      "name": "CVE-2010-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
    },
    {
      "name": "CVE-2010-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
    },
    {
      "name": "CVE-2010-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
    },
    {
      "name": "CVE-2010-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
    },
    {
      "name": "CVE-2010-1227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
    },
    {
      "name": "CVE-2010-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
    },
    {
      "name": "CVE-2010-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
    },
    {
      "name": "CVE-2010-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    }
  ]
}

GHSA-2VC8-2444-P3FM

Vulnerability from github – Published: 2022-05-14 02:43 – Updated: 2022-05-14 02:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3599"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-19T16:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.",
  "id": "GHSA-2vc8-2444-p3fm",
  "modified": "2022-05-14T02:43:12Z",
  "published": "2022-05-14T02:43:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3599"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
    },
    {
      "type": "WEB",
      "url": "http://dsecrg.com/pages/vul/show.php?id=306"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42976"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45856"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024981"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0143"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2010-3599

Vulnerability from fkie_nvd - Published: 2011-01-19 16:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://dsecrg.com/pages/vul/show.php?id=306
secalert_us@oracle.com	http://secunia.com/advisories/42976
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/archive/1/515956/100/0/threaded
secalert_us@oracle.com	http://www.securityfocus.com/bid/45856
secalert_us@oracle.com	http://www.securitytracker.com/id?1024981
secalert_us@oracle.com	http://www.vupen.com/english/advisories/2011/0143	Vendor Advisory
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/64767
af854a3a-2127-422b-91ae-364da2661108	http://dsecrg.com/pages/vul/show.php?id=306
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42976
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/515956/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45856
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024981
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0143	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64767

Impacted products

	Vendor	Product	Version
	oracle	fusion_middleware	10.1.3.4
	oracle	fusion_middleware	10.1.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C295FB-3AFC-4051-AA7F-9BC8B56B4501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FCAA6C-F1A6-469D-9449-9A99D3E70A70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente de Captura de Documentos de Oracle Fusion Middleware v10.1.3.4 y v10.1.3.5 permite a atacantes remotos afectar a la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con el servidor de importaci\u00f3n."
    }
  ],
  "id": "CVE-2010-3599",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-19T16:00:02.967",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://dsecrg.com/pages/vul/show.php?id=306"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/advisories/42976"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/45856"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id?1024981"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0143"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dsecrg.com/pages/vul/show.php?id=306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515956/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64767"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3599 (GCVE-0-2010-3599)

GSD-2010-3599

CERTA-2011-AVI-022

Description

Solution

CERTA-2011-AVI-022

Description

Solution

GHSA-2VC8-2444-P3FM

FKIE_CVE-2010-3599

Tags

Sightings

Nomenclature